Hostapd Test Results and Problem Areas
SR Dasgupta
srdasgupta
Thu Sep 11 09:00:57 PDT 2003
I intend to share with you my test observations on the hostapd and the
problems am facing.
While going through observations, if you find any mistake commited by me or
if you have,
do let me know.
The problem areas section below is what I intend to highlight. It will be a
very tedious and costly
affair for my project if I re-write WEP related code in hostapd at this
stage. Incase, any of you
guys have solution to 'em, let me know.
Regards,
-Shubharanjan
Setup
=====
Supplicant - WinXP without SP1
AP - MIPS platform with Hostapd running
RADIUS - FreeRADIUS and Oddessy Server (for testing TLS only).
You can download the evaluation version of oddessy at www.funk.com.
Successful Testings
===============
1. EAP-MD5 - This works fine.
2. EAP-TLS - This works fine as well.
Problems Areas
===============
WEP -
This is a pain in the neck for me. WEP works simply great with hostap
driver
and "hostapd NOT RUNNING" i.e. configuring WEP using iwconfig.
The following are the testing that I have carried out and my observations:
------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------
Case 1:
1. Disable WEP key options in hostapd.conf. IEEE 802.1x and RADIUS should
also be disabled.
2. Start hostapd (" # hostapd -d /etc/hostapd.conf & "). The daemon would
run but not do nay stuff.
3. Set WEP keys using iwconfig (" # iwconfig eth2 key 1 904f00109c ").
We have configured eth2 instead if wlan0.
4. Configure the XP with same WEP keys and index.
Observation 1: WEP encryption works. This case should not be a problem
anyways. It was just to test the driver.
------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------
Case 2:
1. Ensure that there is no WEP key pre-configured (" # iwlist eth2 key " to
see the values)
2. Enable following WEP key options in hostapd.conf
wep_key_len_broadcast=5
# wep_key_len_unicast=5
# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
wep_rekey_period=0
Keep the 802.1x and RADIUS options disabled. The rotation is disabled
as evident
3. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
4. View WEP keys using iwlist (" # iwlist eth2 key ").
# iwlist eth2 key
eth2 2 key sizes : 40, 104bits
4 keys available :
[1]: 904F-0010-9C (40 bits)
[2]: off
[3]: off
[4]: off
Current Transmit Key: [1]
Security mode:open
5. Configure the XP with same WEP keys and index.
Observation 2: There is no packet transfer between XP supplicant and AP.
This was observed with ethereal.
To me this is real strange. Why should things not work when Hostapd is
running and key rotation is disabled? How
does this differ from Case I.
------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------
Case 3:
Repeat Case 2 but now enable key rotation ("wep_rekey_period=300"). In XP,
enable WEP and "The key is provided for me automatically" options.
Observation 3: The result is the same as observation 2. In this case,
hopefully I did the right thing in XP.
------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------
Case 4: (WEP & MD5)
1. Ensure that there is no WEP key pre-configured (" # iwlist eth2 key " to
see the values)
2. Enable following WEP key options in hostapd.conf
wep_key_len_broadcast=5
# wep_key_len_unicast=5
# Rekeying period in seconds. 0 = do not rekey (i.e., set keys only once)
wep_rekey_period=0
Rekeying is 0 since as far as I know, MD5 doesnot support it.
3. Enable IEEE 802.1x in hostapd.conf (ieee8021x=1). Configure RADIUS
setting correctly.
4. Start hostapd (" # hostapd -d /etc/hostapd.conf & ").
5. View WEP keys using iwlist (" # iwlist eth2 key ").
# iwlist eth2 key
eth2 2 key sizes : 40, 104bits
4 keys available :
[1]: 904F-0010-9C (40 bits)
[2]: off
[3]: off
[4]: off
Current Transmit Key: [1]
Security mode:open
5. Configure the XP with same WEP keys and index. Configure Authentication
as MD5.
Observation 4: The result is the same as observation 2.
------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------
Case 5: (WEP & TLS)
Repeat Case 4 but for the following:
1. Configure RADIUS setting correctly, this time for Oddessy server.
2. Configure Oddessy Server correctly.
3. Use Oddessy Client on WinXP and configure correctly. Use WEP option and
specify the same key as on AP. Disable key rotation in the client.
Note: The above steps were carried out for successful EAP-TLS testing.
Observation 5: The result is the same as observation 2.
------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------
Case 6: (WEP & TLS - key rotation)
Repeat Case 4 but for the following:
1. Enable key rotation ("wep_rekey_period=300") in hostapd.conf. Keep
802.1x option enabled (ieee8021x=1). Configure RADIUS setting correctly,
this time for Oddessy server.
2. Configure Oddessy Server correctly.
3. Use Oddessy Client on WinXP and configure correctly for automatic key
rotation.
Note: The above steps were carried out for successful EAP-TLS testing.
Observation 5: The result is the same as observation 2.
------------------------------------------------------------------------
------------------------------------------------------------------------
------------------------------------
Note: I have used unicast key setting as well but it has not helped.
More information about the Hostap
mailing list